Anti-Hacking for Computer Forensics
How to detect the crime, track the criminal, and assemble the evidence.

The reported incidents of computer crime have more than doubled in the last year. Which just proves that you — no matter how robust your security strategy and practices are — need to know exactly how computer crimes are committed, how to assemble the evidence, and work with law enforcement for prosecution.

In this 4 day class, you will discover the different types of computer threats and crimes, and investigate computer crime prevention techniques. You will find out how to identify, investigate, capture, analyze, preserve and process evidence. In this in-depth "crime" course, you'll gain the knowledge and tools you need to create a corporate computer crime policy. You will learn how to build the management response, technical, and tactical teams. You'll learn the laws regarding computer crime, and how to tell if your company has been a victim. You'll examine best practices for incident response. You'll also learn how to coordinate your efforts with law enforcement and maintain evidence chain of custody.

When you're finished, you'll know what computer crime is, and isn't… and how to safeguard your organization's vital technology assets.

Key topics:
• The basics of computer forensics
• Windows-based Computer Forensics
• UNIX / Linux-based Computer Forensics
• Build your Digital Forensics Toolkit
• Discover proven investigative strategies
• Tracking an offender on the Internet and intranet's
• Tips and techniques for incident response
• Proper handling of evidence
• Working with law enforcement
• Insider Threats
• Computer Security Issues

Who should attend:
Information Security Officers, Information Systems Managers, Telecommunications and Network Administrators, Consultants, Systems and Data Security Analysts, and others concerned with computer Forensics Investigations.

CHFI class May 30-June 3 Sold out CHFI class is July 18-22 Click a class date to REGISTER NOW!

Class agenda:
Intro to Computer Crimes
If you don't know exactly what computer crime is, you can't effectively protect your organization. Knowledge and understanding begins here.

Detecting Computer Crime
• Factors affecting detection
• Intrusion indicators
• Detection Methods
• Digital Forensics defined
• Data Hiding
• Text Searching

Setting Up a Forensics Group
A crucial part of any computer crime prevention strategy is deciding who's going to be responsible… and how they're going to achieve their goals.
• Staffing recommendations
• Establishing policies
• Providing the right training
• Time-proven best practices
• Sample policies and reports

High-Tech Investigations
When a criminal strikes, the right incident response strategy and investigative tactics can spell the difference between a business write-off and a civil judgment or criminal conviction.
• Investigating Computer Crimes and Incidents
• Objectives/basics of investigations
• Scoping the investigation
• Classifying the investigation
• Determining how the crime was committed
• Discerning which questions you are trying to answer
• Data capture, discovery, and recovery
• Analyzing evidence
• Following accepted forensics protocols
• Organizing the investigation
• Investigative challenges
• Performing the investigation
• Civil litigation and restitution
• Criminal prosecution: dealing with suspects
• Planning for an incident before it occurs
• Recommended response team members
• Determining the ROI of an investigation
• Developing a computer incident flow chart

Advanced Computer Forensics
An advanced look at computer crime evidence and the best methods for retrieving it.
• Types of forensics — field vs. lab
• Forensics basics — Acquire, Authenticate, Analyze
• Acquiring legally sufficient evidence
• Authenticating the evidence
• Analyzing the evidence
• Windows and UNIX/Linux forensics
• Hardware and software recommendations
Tracking an Offender

If you can't locate the offender — and, even more important, the offending computer — you're back to square one. Tips, tools, and techniques for locating the offending computer on the network, on an intranet, and the Internet.
• Determining civil, criminal, and internal "proof"
• Processing a scene that includes digital evidence
• Proper seizure techniques

Digital Forensics Tools (Hands-On Labs)
• Misc. Software tools
• Traveling computer forensics kit
• Secure forensics laboratory
• EnCase demo
• Access data demo
• Fastbloc
• Diskscrub from NTI,
• SMART image program
• Nature of the media
• Quick preview of content
• Image acquisition

Proper Evidence Handling
Once you've decided to devote time and manpower to investigating an incident, you'll want to ensure the evidence you collect is viable for civil, criminal, or internal prosecution.
• Processing the evidence
• Maintaining chain of custody
• The role of image backups

Evidence
• Rules of evidence
• Legal recovery
• Types/classification of evidence
• Direct
• Real
• Documentary
• Demonstrative
• Public
• Private
• Legal
• Proprietary
• Intrusive
• Analyzing computer evidence
• Chain of custody and evidence life cycle
• Search and seizure
• Pulling the plug
• Removing the hardware
• Hardware check
• On-site backup
• On-site searches
• Executing search and seizure

Working with Law Enforcement
A good working relationship with law enforcement is an important part of every corporate computer crime strategy. How to work with law enforcement — before and after the crime — to achieve optimal results.
• Omnibus Act
• Privacy Protection Act and Electronic Communications Privacy Act
• Fourth Amendment
• Privacy and other laws
• Search warrants
• What law enforcement can do to help
• When, how, and why to contact law enforcement
• Pertinent laws and rules of evidence
• Statement of damages — actual and projected
• Jurisdictional issues

Hands-On Class Exercises
• Analysis of operating systems, hard drives, and PDAs
• Locating, handling, and processing digital evidence
• Important case studies
• Tools and sources for updated learning